8d28b02dc1
9 changes to exploits/shellcodes JBoss 4.2.x/4.3.x - Information Disclosure Naukri Clone Script 3.0.3 - 'indus' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Multi Language Olx Clone Script - Cross-Site Scripting
20 lines
No EOL
806 B
Text
20 lines
No EOL
806 B
Text
#################################################################################################################
|
|
# Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS
|
|
# Date: 07.02.2018
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link:
|
|
https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
|
|
# Category: Web Application
|
|
# Exploit Author: Prasenjit Kanti Paul
|
|
# Web: http://hack2rule.wordpress.com/
|
|
# Version: 4.7.2
|
|
# Tested on: Linux Mint
|
|
# CVE: CVE-2018-6864
|
|
##################################################################################################################
|
|
|
|
*Proof of Concept*
|
|
|
|
1. Login into site
|
|
2. Goto "Edit Profile"
|
|
3. Put "<script>alert("PKP")</script>" in any field
|
|
4. You will be having a popup "PKP" |